Bug 23175

Advisory
========

The Flash Player plugin has been updated to the latest version. It is a bug fix release.


References
==========
https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html


Files
=====

Uploaded to nonfree/updates_testing

flash-player-plugin-30.0.0.113-1.mga6

from flash-player-plugin-30.0.0.113-1.mga6.src.rpm

On real hardware, HP 6550b laptop, i3, 8GB, Intel graphics, Intel wifi, 64-bit Plasma system:

Package installed cleanly. Went to one site known to use flash, and an Adone test site. Both worked as expected.

Looks OK to me for 64-bit.

CC: (none) => andrewsfarm

In VirtualBox, M6, MATE, 32-bit

Package(s) under test:
flash-player-plugin

default install of flash-player-plugin

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-29.0.0.171-1.mga6.nonfree.i586 is already installed

https://helpx.adobe.com/flash-player.html
Works, reloads and works again. Shows I am using flash: 29.0.0.171
Indicates that I am not using the latest Flash Player version.
Some sites are indicating that I am not using the latest Flash Player

Install flash-player-plugin from updates_testing

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-30.0.0.113-1.mga6.nonfree.i586 is already installed

https://helpx.adobe.com/flash-player.html
Works, reloads and works again. Shows I am using flash: 30.0.0.113
Sites that need Flash Player play Flash content

CC: (none) => wilcal.int

In VirtualBox, M6, MATE, 64-bit

Package(s) under test:
flash-player-plugin

default install of flash-player-plugin

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-29.0.0.171-1.mga6.nonfree.x86_64 is already installed

https://helpx.adobe.com/flash-player.html
Works, reloads and works again. Shows I am using flash: 29.0.0.171
Indicates that I am not using the latest Flash Player version.
Some sites are indicating that I am not using the latest Flash Player

Install flash-player-plugin from updates_testing

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-30.0.0.113-1.mga6.nonfree.x86_64 is already installed

https://helpx.adobe.com/flash-player.html
Works, reloads and works again. Shows I am using flash: 30.0.0.113
Sites that need Flash Player play Flash content

Fixed advisory, added to svn:

type: security
subject: Updated flash-player-plugin packages fixes security issues
CVE:
 - CVE-2018-4945
 - CVE-2018-5000
 - CVE-2018-5001
 - CVE-2018-5002
src:
  6:
   nonfree:
     - flash-player-plugin-30.0.0.113-1.mga6
description: |
  Updated flash-player-plugin packages fixes the following security issues

  A remote attacker could possibly execute arbitrary code with the privileges
  of the process or obtain sensitive information (CVE-2018-4945, 
  CVE-2018-5000, CVE-2018-5001, CVE-2018-5002).

  In response to a class of recently disclosed vulnerabilities in popular
  CPU hardware related to data cache timing (CVE-2017-5753, CVE-2017-5715,
  CVE-2017-5754), known popularly as Spectre and Meltdown, Adobe are
  disabling the ‘shareable’ property of the ActionScript ByteArray class
  by default. For more info see the referenced adobe release notes.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=23175
 - https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
 - https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html

Component: RPM Packages => Security
CC: (none) => tmb
CVE: (none) => CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002
QA Contact: (none) => security
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0286.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED